To protect and safeguard your Exchange Server and network infrastructure from Todd圜at or ransomware attacks, install the latest Cumulative Updates and Security Updates on your Exchange Server to patch the vulnerabilities. Image Source – Todd圜at attack waves (Kaspersky) How to Protect your Exchange Server Environment from Todd圜at? In the next wave of attacks - until February 2023 - the Todd圜at gang increased the scope of attacks and targeted organizations in Indonesia, Kyrgyzstan, and Uzbekistan, in addition to the previously targeted countries. This time the gang targeted many prominent countries, including Russia, Afghanistan, India, Iran, Malaysia, Pakistan, Slovakia, Thailand, and United Kingdom. During this wave of attacks, the gang exploited the infamous ProxyLogon RCE vulnerability in the unpatched Exchange Servers. However, the Todd圜at APT gang started attacking more servers between February 2021 and May 2021. They also used the China Chopper, a 4 KB web shell, to get access to the server and download and execute another dropper. In some cases, the Samurai backdoor was also used to run another sophisticated Trojan cum loader called Ninja.
They used the malware to execute arbitrary code and multiple modules to remotely administer, control, and move laterally into the targeted network. The gang exclusively attacked Exchange Servers previously compromised with Samurai - an advanced passive backdoor that works on 443 and 80 ports. Between December 2020 and February 2021, the gang targeted and attacked a limited number of entities in Vietnam and Taiwan.
Todd圜at, an Advanced Persistent Threat (APT) gang,has been targeting and exploiting vulnerable Exchange Servers throughout Europe and Asia since December 2020.
0 kommentar(er)
